North Korean hackers responsible for the Sony hack in late 2014 may be behind the mid-May WannaCry ransomware attack that infected more than 300,000 computer systems around the world. This is the second time in a matter of days that a security company has linked the infamous Lazarus Group to the cyber attack. To create WannaCry, the hackers, believed to be working for the North Korean government, took advantage of a Windows vulnerability first discovered by the NSA and then shared with the world by a different hacker organization that reportedly works for the Russians.
However, the WannaCry attack may not have been orchestrated by the North Korean government, the report says. Instead, the hackers may have acted on their own for financial gain.
After Kaspersky, Symantec also says there is evidence that supports the idea that North Korea may be behind the WannaCry hit.
“Analysis of [the February, March, and April] WannaCry attacks by Symantec’s Security Response Team revealed substantial commonalities in the tools, techniques, and infrastructure used by the attackers and those seen in previous Lazarus attacks, making it highly likely that Lazarus was behind the spread of WannaCry,” Symantec wrote in a blog post. “Despite the links to Lazarus, the WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign.”
“Our confidence is very high that this is the work of people associated with the Lazarus Group, because they had to have source code access,” Symantec’s security response technical director Vikram Thakur told Newsweek. “We don’t think that this is an operation run by a nation-state.”
The cyber security expert said it was a less likely scenario that the attack was meant to create chaos by spreading WannaCry.
North Korea, meanwhile, denied any links to WannaCry, calling the speculation “a dirty and despicable smear campaign.”
In the Sony hack, the US government and security companies accused North Korea. That’s not yet the case for WannaCry.